=== Treder Security Snapshot ===
Contributors: bdtreder
Tags: security, audit, admin, report, hardening
Requires at least: 6.0
Tested up to: 7.0
Requires PHP: 7.4
Stable tag: 1.0.0
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

A lightweight WordPress security health report with a simple score, clear findings, local reports, and beginner-friendly suggested fixes.

== Description ==

Treder Security Snapshot gives WordPress site owners a simple local security health report.

It is not a firewall, malware removal tool, or all-in-one security suite. It focuses on clear visibility, practical recommendations, and easy reporting.

The plugin checks common WordPress security basics and gives you a security score from 0 to 100.

= Included Features =

* Security score from 0 to 100
* Dashboard tab
* Detailed audit tab
* Scan history tab
* WordPress dashboard widget
* Beginner-friendly explanations
* Suggested fixes
* Local scan history
* Local HTML report download
* Email latest report to a chosen address

= Security Checks =

* WordPress core update status
* Plugin update status
* Theme update status
* Default admin usernames
* User enumeration risk
* XML-RPC status
* File editing status
* Debug mode status
* Directory browsing indicators
* HTTPS and SSL status
* Database prefix check
* WordPress version visibility
* Public registration status
* Inactive plugins

= Separate Pro Companion =

A separate Pro companion plugin is available from the author's website for users who want additional tools such as advanced checks, scheduled reports, file integrity monitoring, white-label reporting, and AI-assisted fix plans.

The WordPress.org plugin includes all functionality described in this readme.

== Installation ==

1. Upload the `treder-security-snapshot` folder to `/wp-content/plugins/`.
2. Activate the plugin from the WordPress Plugins screen.
3. Go to Tools > Security Snapshot.
4. Run your first snapshot.

== Frequently Asked Questions ==

= Is this a firewall? =

No. Treder Security Snapshot is a security health report tool. It does not block attacks.

= Does this remove malware? =

No. It does not remove malware. It checks common WordPress security settings and reports possible risks.

= Does this collect data? =

No. The plugin runs locally inside WordPress and does not send data to external services.

= Does this use remote APIs? =

No. The plugin does not call external APIs.

= Can I use this on client websites? =

Yes. The plugin can be used to review basic WordPress security health and generate local reports.

== Screenshots ==

1. Security score dashboard.
2. Detailed security audit.
3. Scan history.
4. Local report tools.

== Changelog ==

= 1.0.0 =
* Initial release.
